Q2 Cyberthreats: Fixing Mistakes in Mac OS X and the “Flame” in the Middle East

09 Aug 2012 | Virus News

Kaspersky Lab’s experts present a summary of the evolving IT threat landscape in Q2 2012. This year’s spring and early summer saw an unprecedented rise in the number of Android Trojans, Apple began to correct its mistakes and LinkedIn leaked some data. However, the detection of the Flame worm was the most remarkable event in the IT world.

Kaspersky Lab was conducting an examination at the request of the International Telecommunication Union (ITU), which had asked for assistance to find an unknown malicious program deleting classified data on computers located in the Middle East. During the search, the company’s experts detected a new malware sample that was called “Flame”.

“While Flame’s primary function differs from that of known cyber weapons such as Duqu and Stuxnet, these malicious programs all have a lot in common: the geography of the attacks, and a specific target combined with the exploitation of specific software vulnerabilities,” commented Alexander Gostev, Chief Security Expert at Kaspersky Lab. “This puts Flame among the ranks of other cyber super-weapons released in the Middle East by unknown malicious users.”

The number of threats targeting Mac detected in Q2 2012 fell from the first quarter of the year. After the FlashFake botnet was detected last quarter — with over 700,000 Mac computers affected — Apple responded more actively to security issues with its operating system. Examples include the issue of critical patches for Oracle Java at the same time as their Windows equivalents, and the announcement of security features for the next version of Mac OS X: default app installation settings only from the official store, plus the use of a sandbox for apps downloaded from the store, automatic installation of updates, etc. However, experts warn that attacks targeting Mac users will continue. The evolution of targeted attacks could well see the development of cross-platform threats that will have similar code and run under several of the most common operating systems.

In Q2, several prominent online services were in the headlines after leakages from password hash databases. One of the biggest stories was that 6.5 million hashed passwords from part of the database of popular social network LinkedIn were made public. The company confirmed the leak and reported that as a result of its prompt response, the published passwords had been suspended and users had to create new passwords. Unfortunately, by the time this announcement was published, more than half the passwords had already been extracted from the database. “In order to avoid becoming a victim in a similar attack, users should first and foremost use long, complex passwords and avoid using the same password for different services, as such practice greatly increases the scope of potential damages if your account is hacked,” explained Yuri Namestnikov, the author of Kaspersky Lab’s latest report. “We also recommend that website administrators use up-to-date algorithms such as PBKDF2 and bcrypt – they use salting by default and dramatically complicate the problem of retrieving passwords.”
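The recommendation above (salted, iterated hashing such as PBKDF2) is easy to get wrong in practice, so here is an added example, not part of the original report or Kaspersky's code, contrasting a bare unsalted digest with a PBKDF2-HMAC-SHA256 record that stores its own salt and iteration count. The record layout `pbkdf2_sha256$iterations$salt$hash` and the iteration count of 200,000 are assumptions chosen for illustration; the only standard library calls used are `hashlib.pbkdf2_hmac` and `hmac.compare_digest`.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed illustrative parameters: real deployments tune the iteration
# count to their hardware and raise it over time.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
ALGO_TAG = "pbkdf2_sha256"


def unsalted_hash(password: str) -> str:
    """A fast, unsalted digest: every user with the same password gets the
    same hash, so one precomputed lookup table cracks all of them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def shared_password_groups(leaked: Dict[str, str]) -> List[List[str]]:
    """Given a leaked {user: unsalted_hash} table, group users whose hashes
    are identical. This is what an unsalted leak hands over for free: the
    attacker learns who shares a password before guessing a single one."""
    by_hash: Dict[str, List[str]] = {}
    for user, digest in leaked.items():
        by_hash.setdefault(digest, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$dk_hex'.
    A fresh random salt per user means identical passwords yield different
    records, and the stored iteration count lets it be raised later without
    breaking existing accounts."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO_TAG}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute PBKDF2 with the salt and iteration count stored in the record
    and compare in constant time so timing does not leak partial matches."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False
    if algo != ALGO_TAG:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample: three users, two of whom chose the same password.
    users = {"alice": "Tr0ub4dor&3", "bob": "correct horse", "carol": "correct horse"}

    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    print("shared-password groups visible in an unsalted leak:",
          shared_password_groups(unsalted))  # [['bob', 'carol']]

    salted = {u: hash_password(p) for u, p in users.items()}
    print("bob and carol records differ:", salted["bob"] != salted["carol"])
    print("verify bob:", verify_password("correct horse", salted["bob"]))
    print("verify wrong guess:", verify_password("correct horse", salted["alice"]))
```

The unsalted table leaks password reuse across accounts immediately, whereas the salted records force per-user work and reveal nothing about which accounts share a password; raising `PBKDF2_ITERATIONS` is how the stored cost keeps pace with faster hardware.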

The complete version of the Q2 IT Threat Evolution report is available at Securelist.com.